Fedora Security Update Fixes Evolution-data-server Information Disclosure Weakness

VUPEN ID : VUPEN/ADV-2007-1694
CVE ID : CVE-2007-1558
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-05-08

A weakness has been identified in Fedora, which could be exploited by remote attackers to gain knowledge of sensitive information. The issue is caused by an error in the APOP protocol handling within evolution-data-server, which fails to properly prevent MD5 collisions. It could be exploited via man-in-the-middle attacks using specially crafted message-IDs to potentially disclose the first three characters of passwords.
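
One way a POP3 client can reject a malformed APOP challenge before hashing it with the password, shown as an added example (not the evolution-data-server patch). The function names and the strict pattern are assumptions of this example; the pattern follows RFC 1939, which gives the challenge the syntax of an RFC 822 msg-id.

```python
import hashlib
import re

# Assumed strict form of the challenge: "<" local "@" domain ">", built only
# from printable ASCII (0x21-0x7E) without '<', '>' or '@' inside each part.
CHALLENGE_RE = re.compile(r"<[!-;=?A-~]+@[!-;=?A-~]+>")
MAX_CHALLENGE_LEN = 255  # constructed limit for this example


def extract_challenge(greeting: bytes) -> str:
    """Return the APOP challenge from a POP3 greeting, or raise ValueError."""
    if not greeting.startswith(b"+OK"):
        raise ValueError("not a positive POP3 greeting")
    try:
        text = greeting.decode("ascii")  # any byte >= 0x80 is rejected here
    except UnicodeDecodeError:
        raise ValueError("non-ASCII byte in greeting") from None
    start, end = text.find("<"), text.rfind(">")
    if start == -1 or end < start:
        raise ValueError("server does not offer APOP")
    challenge = text[start:end + 1]
    # Control characters, spaces and nested brackets all fail the pattern.
    if len(challenge) > MAX_CHALLENGE_LEN or not CHALLENGE_RE.fullmatch(challenge):
        raise ValueError("malformed APOP challenge")
    return challenge


def apop_command(user: str, password: str, greeting: bytes) -> str:
    """Build the APOP command only when the challenge passed validation."""
    challenge = extract_challenge(greeting)
    digest = hashlib.md5((challenge + password).encode("utf-8")).hexdigest()
    return f"APOP {user} {digest}"


if __name__ == "__main__":
    # Constructed greetings: the first uses the sample values from RFC 1939.
    samples = [
        b"+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>\r\n",
        b"+OK POP3 server ready <1896.\xff\x80\x01@dbc.mtview.ca.us>\r\n",
    ]
    for greeting in samples:
        try:
            print(apop_command("mrose", "tanstaaf", greeting))
        except ValueError as exc:
            print("refusing APOP:", exc)
```

Validating the challenge only narrows what a man-in-the-middle can feed into the hash; APOP still rests on MD5.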
Affected Products
Fedora Core 6
Fedora Core 5
Solution
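Upgrade the affected packages to evolution-data-server-1.6.3-4.fc5 (Fedora Core 5) or evolution-data-server-1.8.3-6.fc6 (Fedora Core 6) :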
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
References
http://www.vupen.com/english/advisories/2007/1694
https://www.redhat.com/archives/fedora-package-announce/2007-May/msg00013.html
https://www.redhat.com/archives/fedora-package-announce/2007-May/msg00014.html
ChangeLog
2007-05-08 : Initial release